This document discusses digital activism and hacktivism. It defines digital activism as using technology over large distances to effect political or social change through grassroots campaigns. Hacktivism is separated from digital activism by involving computer crimes like unauthorized access or impairment of computer systems. Early examples of hacktivism included attacks in 1989 promoting anti-nuclear messages. Anonymous emerged in the 2000s and became politicized through protests around Scientology in 2008. Major hacktivist operations since then have included Payback targeting copyright enforcement and Darknet targeting child pornography sites. Lessons from these events have led to guidance for underground communities on operational security.
3. The policy or action of using vigorous campaigning to
bring about political or social change.
4. “Use of Technology over large distances to effect change.”
“Grassroots activists using networked technologies for social
and political change campaigns.”
“Goal of Political or Social Change + Digital Technology.”
8. Digital Activism is separated from Hacktivism by Computer Crime
Computer Crime is well defined:
▪ Unauthorised access to computer material
▪ Unauthorised access with intent to commit further offences
▪ Unauthorised acts with intent to impair the operation of a computer
▪ Making, supplying or obtaining articles for use in computer misuse offences
Hacktivism is separated from CyberTerrorism by Terrorism
Terrorism in this context is well defined:
▪ Anything designed to interfere with or seriously disrupt an electronic system, and
▪ Use or threat to influence government or intimidate the public, and
▪ Use or threat is made for the purpose of advancing a political or ideological cause
9. Software distribution
Website mirroring
Defacements
Typosquatting
Redirects
Denial of Service Attacks (DOS)
Web Sit-ins
Email Bombs
Distributed Denial of Service Attacks (DDOS)
Opt-In Botnets
Malware Botnets
Doxing
SWATting
10.
11. Denial of Service
An attempt by an attacker to deny a victim's
services to its users.
1. Exploit that causes victim to fail
2. Resource exhaustion:
▪ Network Bandwidth
▪ Computing Power
▪ Memory
12. Distributed Denial of Service
A DoS launched simultaneously from multiple points
Usually a resource exhaustion attack
Attackers now build networks (Botnets) of compromised computers
(zombies or loads) from which to launch their attacks
Large Botnets are now available for hire or to buy for pocket money.
Region       1000 Loads   5000 Loads   10,000 Loads
World Mix    $25          $110         $200
EU Mix       $50          $225         $400
DE, CA, GB   $80          $350         $600
USA          $120         $550         $1000
18. First known Hacktivism recorded in 1989
Worms Against Nuclear Killers
Australian Hacktivists
Infected VMS DECnet systems
19. Formed in 2003 from the 4chan /b/ message board
Since 2004 4chan is a forced anonymous community
The Btards initially focused on pranks, trolling and griefing
20. Anonymous were ‘politicised’ in 2008 following a
series of actions involving the Church of
Scientology.
Actions included:
Physical protests
▪ Guy Fawkes masks
Prank calls
Black faxes
DDoS attacks
▪ Low Orbit Ion Cannon (LOIC)
IRC channels used to coordinate attacks.
21. Operation Payback (2010)
DDoS attacks on the Pirate Bay by MPAA & RIAA
Expands to include other copyright-related targets
Attacks on PayPal, Mastercard and Visa related to Wikileaks
Operation Darknet (2011)
Targeted child pornography sites on the Tor network
Released usernames from the site “Lolita City”
22. Angry
Chaotic
Constantly changing
International
Broad themes not specific goals
Uncoordinated
Unfinanced
Differences in philosophy and undefined
subgroups
No long term vision
23. A splinter group formed in 2011 as a result of
Operation Darknet known as Lulzsec
50 day rampage
Anti-Sec Movement
“Demonstrating insecurity to improve
security”
24. Pro-Syrian Regime Hacktivists
First seen May 2011
Targeting major news organisations
BBC
Associated Press
Guardian
CBS News
NPR
Also activists
Columbia University
Human Rights Watch
And oddly … FIFA
Sepp Blatter
2014 World Cup
27. The underground community has learnt lessons
from Lulzsec
They have reviewed the evidence presented in
court
Developing guidance:
Create a cover
Work on the legend
Create sub-aliases
Never contaminate
Produced the “10 Hack Commandments”
Editor's Notes
Activism often involves peaceful protest. The social trade-off is that the protesters are arrested when they break the law and get their day in court to argue their case. Technology & Change are the key themes in digital activism. A potential lack of identity of ‘digital protestors’ is an increasing problem for a definition of a digital peaceful protest.
Traditional activism actions can almost all be translated to the digital arena. Gene Sharp – The Politics of Nonviolent Action (1973). Three volumes; Volume 2 was The Methods of Nonviolent Action. 198 methods of activism defined. Google Bombs.
▪ Techtoolsforactivism.org
▪ Ox4.org – Web hosting
▪ Aktivix.org – Email & VPNs
▪ Network23.org – Blogs and web hosting
▪ Riseup.net – Email
▪ Tachanka.org – Web hosting
▪ Indy.im – Microblogging
▪ Hacktionlab.org – Meetups and training
▪ The Guardian Project – Android mobile apps
Term Hacktivism first coined in 1995. Computer Misuse Act (1990). Part 5 of the Police and Justice Act 2006 (Sections 35 – 38). UK Terrorism Act (2000). Not clear there has ever been a Cyberterrorist incident. The use of Hacktivism and CyberTerrorism blurred.
Software distribution. Phil Zimmermann – PGP. Hacking tools under EU Cybercrime law? Website mirroring is an issue of Hacktivism if the content is ‘illegal’. SWATting usually relies on some form of caller ID spoofing.
Lethal Packets – ping of death. Aimed at bugs in the operating system or networking code. High impact Packets. Crypto processing. Less of a concern now due to excess of processing power.
Malware as a service
Russian Cybercrime-as-a-service exposed by the BBC in 2009. Includes an MP3 player! Zeus crimeware kit.
Master zombies & slave zombies. Not immediately obvious it’s an attack if there are potential high-volume uses of the service. Spoofed IP packets common, hard to filter and harder to track back. They don’t need to receive data back.
Reflectors are uninfected machines. Requests from Slaves to reflectors look like connection requests from the victim. Reflectors respond to the victim as though it had tried to connect to them. Tend to be much bigger attacks.
First hacktivist DDoS may have been the Zippies on Guy Fawkes Day in 1994 protesting the Criminal Justice Bill. Email bomb – large volumes of email. Code for DoS SYN floods published in 1996 in 2600. First publicly reported case was Panix, an NY ISP.
4chan was created by ‘moot’, a member of the Something Awful forums that spawned the Goons, another group of trolls and griefers between 2003 and 2004. Habbo Hotel was an isometric avatar driven ‘hangout for teens’. Originally a target of the Goons, it drew the attention of Btards. Habbo Raid July 2006: black avatar wearing a suit with an afro. They would congregate in large numbers and block access to the swimming pools claiming they were closed due to AIDS; they also often formed up into large swastikas. Disruptive but unfocused.
Video on Gawker of Tom Cruise praising the religion led to a cease-and-desist letter. V for Vendetta – Anarchist revolutionary.
HBGary Federal attack (Qinetiq leak). SQL injection on the website CMS. Grabbed the database – usernames, email, passwords. Admins at HBGary used their same passwords everywhere (Twitter, LinkedIn, the email server, shell server). Social engineered another administrator using a high privileged email account. HBGary had been investigating Anonymous and made some public claims about their ability to identify them. Rootkit.com admin access.
Concerns have been shown to focus on civil liberty and privacy. See themselves as doing evil to avoid a greater evil. Some informal links to Occupy.
Anti-Sec goes back to 1999 with EL8 and Project Mayhem. Hector Monsegur, Sabu, turned federal witness against Lulzsec and Anonymous. Reused anonymous usernames and mixed identities. Logged into IRC without anonymising his connection. Leaked personal information in conversations. Mentioned a Whois record with his real name and address while using an alias. Used a stolen credit card to send goods to his home address. Stratfor, corporate intelligence firm, emails subsequently distributed by Wikileaks. SQL injection again. Credit card details. Made donations to charities using credit cards from HBGary. Backfired on the charities. Because SABU had been turned he was able to record the entire hack and related conversations which led to the downfall of Lulzsec.
Facebook Page. Website. Registered by Syrian Computer Society – Headed by al-Assad in the 1990s. Hosted on Syrian government networks. Claims that a Syrian owned Dubai company is funding the attacks. Not clear that only Syrians are involved as there has been a recruitment drive via social media. Suspicion of technical support from Russia. Targeted Facebook pages and now Twitter accounts. Phishing attacks used. Breaches are more extensive than the Twitter posts suggest.
The Associated Press hack described a successful bomb attack on President Obama. $130bn value dropped off the stock market. Dow Jones Industrial dropped 145 points. Stock markets recovered.
Search on slideshare.net for Opsec for Hackers
▪ Never reveal your operational details
▪ Never reveal your plans
▪ Never trust anyone
▪ Never confuse recreation and hacking
▪ Never operate from your own house
▪ Be proactively paranoid, it doesn’t work retroactively
▪ Keep personal life and hacking separated
▪ Keep your personal environment contraband free
▪ Don’t talk to the Police
▪ Don’t give anyone power over you